forked from extern/shorewall_code
Don't remove a lone ACCEPT rule from the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
0d1f5bf261
commit
4c6df657da
@ -1334,7 +1334,7 @@ sub optimize_chain( $ ) {
|
|||||||
|
|
||||||
pop @$rules, $count++ while @$rules && $rules->[-1] =~ /-j ACCEPT\b/;
|
pop @$rules, $count++ while @$rules && $rules->[-1] =~ /-j ACCEPT\b/;
|
||||||
|
|
||||||
if ( @${rules} ) {
|
if ( @${rules} || $chainref->{dont_delete} ) {
|
||||||
add_rule $chainref, '-j ACCEPT';
|
add_rule $chainref, '-j ACCEPT';
|
||||||
progress_message " $count ACCEPT rules deleted from policy chain $chainref->{name}" if $count;
|
progress_message " $count ACCEPT rules deleted from policy chain $chainref->{name}" if $count;
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user